Techopedia explains Payment Card Industry (PCI)

There are 12 PCI DSS requirements that a business must follow to qualify for compliance certification. Although compliance is technically voluntary, failing to comply usually has undesirable consequences. A business that is not PCI DSS compliant falls below the industry's security baseline and increases the likelihood of credit card fraud or security breaches. Moreover, a non-compliant business can be penalized by fines.

For a vendor to continue accepting payment cards, it must implement the PCI DSS and monitor how its systems apply it. Large organizations are usually audited annually, whereas smaller businesses are allowed to simply self-report their compliance.

The biggest concern is the handling of credit card numbers. To be compliant, a vendor must encrypt card numbers prior to transmitting them over a network. Credit card numbers must also be stored in a secure environment.
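The storage side of this requirement is easiest to see in code. The example below is an added illustration, not code from Techopedia or from the PCI Security Standards Council: it validates a card number's checksum, keeps only a masked form for display and logs, and stores a keyed one-way hash so a card can be matched later without the full number ever being written to the database. The card number and the HMAC key are constructed sample values; in a real deployment the key would live in an HSM or key-management service, and transmission over the network would additionally be protected by TLS.

```python
import hashlib
import hmac

# Constructed sample values for the example only. The PAN below is a
# widely published test number, not a real account; the key is a placeholder.
SAMPLE_PAN = "4111111111111111"
SAMPLE_KEY = b"placeholder-hmac-key-from-key-management-service"


def luhn_valid(pan: str) -> bool:
    """Return True if pan is all digits of plausible length and passes the Luhn checksum."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    # Walk digits from the right; double every second one and fold >9 back to a single digit.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; this is the form allowed on displays and in logs."""
    if len(pan) < 13:
        raise ValueError("PAN too short to mask safely")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed one-way hash of the full PAN, usable as a lookup token in place of the number itself."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def store_card(pan: str, key: bytes) -> dict:
    """Build the record that is persisted: masked PAN plus token, never the clear PAN."""
    if not luhn_valid(pan):
        raise ValueError("card number failed checksum; refusing to store")
    return {
        "masked_pan": mask_pan(pan),
        "pan_token": pan_token(pan, key),
    }


def record_leaks_pan(record: dict, pan: str) -> bool:
    """Sanity check a defender can run before shipping: does any stored field contain the full PAN?"""
    return any(pan in str(v) for v in record.values())


if __name__ == "__main__":
    rec = store_card(SAMPLE_PAN, SAMPLE_KEY)
    print(rec)
    print("full PAN present in record:", record_leaks_pan(rec, SAMPLE_PAN))
```

The `record_leaks_pan` check is the kind of assertion worth keeping in a test suite: it catches a later change that accidentally logs or persists the clear card number, which is the failure that turns a storage bug into a reportable breach.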